d47e5ce405b0874bb9fb5190563df53c50a689cd8805b301793985093316203e

Analysis

max time kernel
148s
max time network
149s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
10/05/2024, 03:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2d22be05c2c5c8eb6cba2ca75d529b79_JaffaCakes118.html
Size

19KB
MD5

2d22be05c2c5c8eb6cba2ca75d529b79
SHA1

2173e1e82abe8f388d0bc2e493192a9ff03d1d43
SHA256

d47e5ce405b0874bb9fb5190563df53c50a689cd8805b301793985093316203e
SHA512

258d45e824a03a9d0153448ec7b68cbff88fa52efe8358c4df0db54ae7f3decb129641a3b802accddbfdbb29fe3b0256e7fc0b08a83ff1895bbd218de78377b6
SSDEEP

192:SIM3t0I5fo9cOQivXQWxZxdkVSoAIF4DzUnjBhFv82qDB8:SIMd0I5nO9HdsvF0xDB8

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{5BE9DD01-0E7E-11EF-8D15-FA7CD17678B7} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421474002"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1736	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1736	iexplore.exe
1736	iexplore.exe
2160	IEXPLORE.EXE
2160	IEXPLORE.EXE
2160	IEXPLORE.EXE
2160	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1736 wrote to memory of 2160	1736	iexplore.exe	28
PID 1736 wrote to memory of 2160	1736	iexplore.exe	28
PID 1736 wrote to memory of 2160	1736	iexplore.exe	28
PID 1736 wrote to memory of 2160	1736	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\2d22be05c2c5c8eb6cba2ca75d529b79_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1736
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1736 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2160

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
f3fc9271be53c68036954ae28b5e49f8

SHA1
11c2432725e66e54d62f189e004afbfa33a8fa72

SHA256
b90b4f2e8227fbd42e259c1e52036b50268ac5bd77cb645cb9f163e2553c1cc0

SHA512
c2b0be46b9017115c305b3700c7cbc6254ec766fd95cd919659e3bc431fe1ce0a9d0b0babefe0377df44959a94498c34550b1097e9a4d551a494e3bfd59b4f92

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6c798cfc9a7261ceaef4cec65e99652a

SHA1
280be055a082bdfca748d51be8eaffc69e7f7b23

SHA256
2eb086f31472e0fc2907db555f9690a1344369747d5fa812338e4cd235171fe7

SHA512
b65447b44938a4e703ebb486380d329d528a5df542220703539a72829f7f4c4f07bd86d0859f8a1acde8bd46c7a360b2a4a1ef8c085dbbfa8e4fab52799104e7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
244ed3c501f891babe7308a29495370a

SHA1
d5ce9e251a38dfc3925162fcc254e780c50cc4bc

SHA256
364d52ef3fc6022772986a970c8490519e82683a4f00abc6103e6195d99b465c

SHA512
9f4296f6ceea87a481081ff98e72b64020fd9e5f2c6e9267642ec4a2b0b0dc311b5aac81e224925597ca9fbdf11cb60c83ce114ed38f3fd6359889e6072cbeaf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8efed7dd6e72b09e503e1a4ab60382d4

SHA1
5ede27c681e55e69bbfc4551a41120fc63b373fa

SHA256
e09b942adf8036da5850d12f38ab82e2c87ac85b9445012841497d22276cdfa8

SHA512
ffe6d8d25bda53e8919f73093adf9e9bed478759cfcf4eea00dee7cf2ec96993a17fa6ac8378b1506e2a0efc33f32805b809798241e596d7eac2a2d91cdb6d77

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
53148df9bef2fd21385b7d17cf80e0c9

SHA1
b9a9e5e590a7549a33d5384569311a58c7eb4e22

SHA256
47ef38137a7faba220974d40bccd1e4c28341ab787c2493c162075213e19cd9c

SHA512
94d84b57a5f8b6f37d715e749b25a7e8d50b40f021bf6f78cf44e987f78fdabb83c97e70e4a1d7f37f6b80d35203536ba3b39ed2f2c5ed1c81ebce5292851372

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b905c90155789a82f4a3d8a20e2de10d

SHA1
7b9cf0ae2a3d921d43830a90ff243a31f58a2516

SHA256
d5ef693b216d9b5fd85c1fe4be36e444c09c76865f0887436c903990ef576792

SHA512
9519941e7ade6fcf3f08d8bf0928c61b67fc4a2ea6353bdfd363c2260a78ae20004c938e9d56ee4e284a4c845684a39175ea0512a61bad75a25a6094f13e8f54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b7e588fe0ceb7a8386868968c5503048

SHA1
095fc4ede5d03a50e2039898771172e041f46b71

SHA256
b5f9d09e7cb06bddc89cb9e0e129fed51b8c579e00bb3c259709fa2e0a644ec1

SHA512
630a6b2f544a40cdda91f4f759504a484fe3f293e3d365af21ccad9f8dc844667e70bf5bc145e27ff9b3ad35893cffca20948ed105aeddb93d06e8b863181f04

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5b6483cf3d02e53762f52d00929fec68

SHA1
6c2bbec50698aa71d8c0eb38b7fdfa1f1feb045c

SHA256
94533a35e2aacad4f6aa9ae7e5cb9233d528e8a677c73fd907bad3e5bc4ca2aa

SHA512
9421273fd5f078915ecb59943d7b3d8dbca38c8b5b591029d5336812e2e3572487585ea64012cf75822a2391c7405e2d7713d83023a30ad211f720a973ee3495

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ea9b7452d067711613f5710d088cf35e

SHA1
2550d7edd281e176bb51b2e298dcf00aceae62e9

SHA256
d999a0351c5409c42777c614904883007fa411aff2b455c2ed43eebc6f7e0e9f

SHA512
5cb729791a7a58b1819bf0442b27c467097e781140848731f5006e7d029e0621e664b88464f9a0f099c5bd77b13a9697d4665bdf3fd6ff7104447cf5e1fe8285

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6ecdd8e0922250ac951b9d666aa4667c

SHA1
b9aa9ce2f4dc7eb56bee2c5a835108ecda6d7282

SHA256
8c83b9551c09e59f985497120b9888d4e47f1663bf59f7cab0c4675454d27684

SHA512
845ffdc04429d636558deab2c3b90b93ff947f362fc5306a1d5d4a6480ebb4fcff8308da50224a8f06e258c79706c1c5f64fe13723c5aeaa6099532d46fc8b0f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
3b37fe726b7c1c57d29f08f071ca43a8

SHA1
e704e9ba47c6eaa0e81bb956379cc9bc76bda5bb

SHA256
a72d7d7721aafdbc1039d6798747c99ae6b3c7793ce0916857c7358431016e3a

SHA512
5a7528b51a70362409a087b7da85319f5c0792c0bd839c6bbb702e005080f557d95e075d79ead8d6b340089e81806241c8574f2fce3a4c3910221655ae038e5d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1BEF.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit